14 Oct 2019

These are the 29 countries vulnerable to Simjacker attacks

Last month, AdaptiveMobile Security warned that threat actors are actively exploiting a security weakness in SIM cards in order to covertly collect the location information of thousands of users. The attacked, dubbed Simjacker,involves sending malicious SMS messages to vulnerable devices and it was estimated that it could put over 1

Read More
14 Oct 2019

New Samsung Warning: Galaxy S10 Fingerprint Reader Hit By ‘Security Breach’

The in-display fingerprint reader in Samsung Galaxy S10 devices can easily be bypassed via a cheap gel protector manufactured by a third-party, a user recently discovered. In response, Samsung is warning customers to use only “Samsung authorized accessories, specifically designed for Samsung products.” The third-party gel protector was designed to

Read More
14 Oct 2019

FIN7 Hackers Load New RAT Malware Into ATM Maker’s Software

New research by FireEye’s Mandiant group shows that the infamous FIN7 cybercrime group is using new hacking tools in order to target ATMs produced by NCR Corporation. The new tools include a malware dropper called BOOSTWRITE that is designed to deliver multiple payloads. The malware delivered by BOOSTWRITE consists of

Read More
14 Oct 2019

Iran-Linked ‘Charming Kitten’ Touts New Spearphishing Tactics

Iranian state-backed hacking group APT 25 (also known as Charming Kitten, Phosphorus, Ajax Security Team, NewsBeef and Newscaster) has updated its attack techniques to carry out a spearphishing campaign targeting US President Donald Trump’s re-election campaign, according to recent research[pdf] by ClearSky Cyber Security. The report states that the new attack

Read More
11 Oct 2019

ICS cybersecurity investment should be a priority in protecting operations from disruption

A new Tripwire study reveals that the overwhelming majority (93%) of ICS security professionals are worried about disruptive cyberattacks impacting business operations or resulting in downtime of customer-facing services. 77% of companies have invested in ICS cybersecurity in the last 2 years in order to mitigate these threats. However, about

Read More
11 Oct 2019

AppSec ‘Spaghetti on the Wall’ Tool Strategy Undermining Security

In order to mitigate application security risk, organizations often use a ‘spaghetti on the wall’ approach, meaning that they use lots of different tools and hope for the best, a new Radware report indicates. The most common AppSec solutions are Web Application Firewalls (WAFs, used by 75% of firms), cloud WAF services

Read More
11 Oct 2019

Flaw in iTunes for Windows Abused for Ransomware Attacks

Security researchers with Morphisec are warning the BitPaymer ransomware actors have been exploiting a security flaw in the Bonjour updater for the Windows version of Apple iTunes in order to avoid detection by anti-malware solutions on targeted systems. Bonjour contains an “unquoted path vulnerability,” that can enable threat actors to

Read More
11 Oct 2019

Magecart Attack on eCommerce Platform Hits Thousands of Online Shops

Trend Micro recently discovered a new Magecart campaign targeting webshops hosted on the Volusion platform. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors. Last month, threat actors compromised

Read More
11 Oct 2019

Gaming, photo apps in Google Play infect Android handsets with malware

Last month, researchers with Dr. Web discovered that a number of apps on the Google Play Store were riddled with malware, including banking Trojans, adware, spyware, and info stealers. The malicious apps claimed to be games, tools, camera plugins or other seemingly legitimate software. Among the discovered malware samples was

Read More
11 Oct 2019

Imperva blames data breach on stolen AWS API key

Last month, cybersecurity firm Imperva announced that the data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017. This week, the company published an analysis of the breach, which shows that the incident was made possible by the company

Read More